How to get better security people

• Previous message (by thread): How to get better security people
• Next message (by thread): How to get better security people
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 3 Apr 2002, Avleen Vig wrote:

:Have a look at SAFE (url in sig).
:We detect smurf amplifiers and I'm currently looking at ways to export
:data to companies regarding large smurf amplifiers (>x250 amplification)
:who refuse to close after X number of warnings.

Yeah, that uses a bit more of the anti-spam model than a network 
protection model. Aris takes IDS logs from subscriber sites, 
normalizes them and generates stats (among other things). After
the data is normalized, they show emerging trends and anomalies.
An example of this would be if an attacker started scanning across
the Internet for ssh servers, this could trigger IDS's at multiple 
sites, which would increase the profile of attackers ip addr. 

What I was suggesting is that this data be cleaned and a list of 
actively hostile hosts be distributed to subscribers for temporary
blockage, either by port filter, or blackholed by prefix on a reasonably
real-time basis.  


--
batz

• Previous message (by thread): How to get better security people
• Next message (by thread): How to get better security people
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]